Online or electronic security is a major issue in the industry. It seems a month does not go by without news of some major business having a security breach. Such breaches include government agencies, retail outlets, social media companies, and even major banks.
Whenever an enterprise believes that a secure fix to remedy a breach has been deployed, hackers quickly figure out a new way to breach their systems. In some cases, the breaches are not even within the systems of the enterprise; rather, the breaches can occur over network transmission lines that enter or exit the enterprise systems; the hackers use sniffing techniques to acquire copies of data packets being transmitted over the network lines and find a way to break any encryption being used (assuming encryption was being used).
The problem of security is particularly problematic with financial transactions where a consumers identity information, banking, and credit card details are at risk of being compromised.
For example, a Point-Of-Sale (POS) terminal or an Automated Teller Machine (ATM) includes a variety of independent internal peripheral devices that interact with a main processing unit, such as a printer, an encrypted pin pad, a scanner, a touch screen, a magnetic card reader, and the like. Each of these may be integrated within the main processing unit through a variety of connections, such as through Universal Serial Bus (USB) connections, and others. Each of these peripheral devices have processing capabilities and have the ability to be compromised and once compromised each peripheral can compromise other peripherals, the main processing unit, or even infiltrate the network and spread to other POS terminals, other ATMs, or backend servers.
Enterprises have spent and continue to spend large sums of capital resources and human resources to improve security of their systems and all the devices and connections of those devices to their systems. This is an ongoing process always trying to stay one step ahead of hackers and yet it seems enterprises are always one step behind the hackers.
Therefore, there is a need for a more proactive, adaptable, and dynamical remedial approach to improving security of enterprise systems.